Cybercrime case names U.S. Steel, Westinghouse, Alcoa as victims

• From 2007 to 2013, Westinghouse was involved in negotiations to build and run four nuclear power plants in China. Sun Kailiang is accused of stealing from Westinghouse computers confidential technical and design plans related to piping systems for the plant as well as internal company communications about business strategy.

• Between 2009 and 2012, defendant Sun is accused of targeting a U.S. Steel employee with a “spearphishing” email designed to trick the employee with a link to allow backdoor access to a company computer, which was used to steal host names and descriptions for more than 1,700 servers — including ones for emergency response, network monitoring and security, applications for employee mobile devices and physical access to company facilities in Western Pennsylvania.

• Hackers targeted Allegheny Technologies Inc. in 2012 while the company was engaged in litigation before the World Trade Organization with a Chinese state-owned steel company. Hackers stole network credentials for all employees.

• In 2012, United Steelworkers' president issued a “call to action” against Chinese policies and urged Congress to impose duties on Chinese imports. Within days, hackers stole top-level union emails discussing strategy.

• Sun Kailiang is accused of targeting Alcoa managers in 2008 with “spearphishing” emails designed to dupe managers into giving access to company computers.

Even if five Chinese military hackers accused of spying on U.S. businesses never come to Pittsburgh for trial, federal charges filed on Monday could have a far-reaching impact, a former federal prosecutor said.

“It's extremely unlikely all of these defendants will be brought to justice, but it sends a signal to the foreign government and also to the U.S. business community that the U.S. government is not going to sit idly by,” said Joseph DeMarco, a New York attorney and former head of the cybercrime unit at the U.S. Attorney's Office in New York.

Attorney General Eric Holder and U.S. Attorney David Hickton of Pittsburgh, among others, accused five members of the People's Liberation Army — China's military — of participating in government-sponsored cyber-espionage to steal trade secrets and other confidential information from American companies for use by Chinese competitors, including government-owned companies.

The work was done from a military building in Shanghai, prosecutors said.

Several of the targets have long-time ties to Western Pennsylvania: Alcoa, Allegheny Technologies Inc., United Steelworkers Union, U.S. Steel Corp. and Westinghouse Electric Co. Another target listed in court papers is SolarWorld AG, a German solar products company with a facility in Hillsboro, Ore.

“This is a case alleging economic espionage by members of the Chinese military and represents the first-ever charges against a state actor for this type of hacking,” Holder said during a news conference in Washington.

The 48-page indictment resulted from a Pittsburgh federal grand jury.

“Pittsburgh has become the target of state-sponsored cyber intrusion,” Hickton said, noting that total losses are unknown. “This 21st-century burglary has to stop.”

Chinese officials denied the claims and suspended the China-U.S. Cyber Working Group, announced in April 2013 to find ways to prevent hacking attacks after both sides accused the other of such actions.

“The U.S. accusation against Chinese personnel is purely ungrounded and absurd,” said Geng Shuang, a spokesman at the Chinese Embassy in Washington. “The indictment is based on fabricated facts. The move jeopardizes China-U.S. cooperation and mutual trust.”

Geng said the United States is guilty of cyber theft, wiretapping and surveillance activities against China's government as well as its institutions, companies, universities and residents.

“We once again strongly urge the U.S. side to make a clear explanation of what it has done and immediately stop such kind of activities,” he said.

Holder said gathering intelligence for national security is different from stealing trade secrets for unfair advantages in the marketplace.

“The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response,” Holder said.

The defendants — Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui — are members of a special unit within the Chinese military's signal intelligence, prosecutors said. Holder said they never visited U.S. soil, so there was no opportunity for arrest.

If the defendants are tried in the United States, the trial would take place in Pittsburgh, prosecutors said.

“It is our hope the Chinese government will respect our justice system,” Holder said. “Our intention is for the defendants to have due process in a U.S. court of law.”

That is unlikely, international law experts told the Tribune-Review.

The Chinese government will not want to set a precedent of handing its nationals over to U.S. prosecutors, said Margaret K. Lewis, a Seton Hall University law professor and extradition expert. The United States and China have no extradition treaty, though in rare instances, defendants have agreed to appear.

“Overall, however, I think both countries would be very hesitant to hand over their nationals to the other country's criminal justice system,” Lewis said.

The only chance for U.S. officials to get any of the defendants in custody to face trial might be catching them should they travel outside China, said Christopher Blakesley, a law professor at the University of Nevada Las Vegas.

“I doubt China would just turn them over, certainly not under today's politics,” Blakesley said.

Representatives with Allegheny Technologies and U.S. Steel referred questions to prosecutors, while a Westinghouse spokeswoman said the company had just learned about the allegations and needed time to review the indictment.

Wayne Ranick, a spokesman for USW International based Downtown, said the union “was quite troubled” by the allegations and took them seriously but would have no further comment because of the investigation.

An Alcoa spokeswoman downplayed any impact by Chinese hackers.

“To our knowledge, no material information was compromised during this incident, which occurred several years ago,” said Monica Orbe, Alcoa's director of corporate affairs. “Safeguarding our data is a top priority for Alcoa, and we continue to invest resources to protect our systems.”

U.S. Sen. Bob Casey, D-Scranton, was more adamant in his response.

“I am outraged by (the) announcement that members of China's People's Liberation Army hacked into companies in Pennsylvania and stole significant trade secrets to advantage Chinese state-owned companies,” Casey said in a statement. “As Attorney General Holder said, success of American business is based on fair play and hard work. For too long, China's unfair trade practices and economic policies have cost jobs in Pennsylvania and across the U.S.”

Also on Monday, federal prosecutors in New York City announced a separate worldwide raid over the weekend in 16 countries that resulted in the arrests of 97 people suspected of developing, distributing or using malicious software called BlackShades.

Holder said more charges could be filed as other investigations continue.

“These two cases show we are stepping up our cyber hacking efforts around the world,” he said.

Jason Cato is a staff writer for Trib Total Media. He can be reached at 412-320-7936 or jcato@tribweb.com.

You are solely responsible for your comments and by using TribLive.com you agree to our
Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent
via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.